package com.itmuch.web;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

/**
 * Created by xi on 2017/6/1.
 */
/**
 * 订单API入口
 * @author junqiangliu
 *
 */
@RestController("测试资源服务器允许访问的API")
@RequestMapping(value = "/v1", produces = { MediaType.APPLICATION_JSON_UTF8_VALUE })
@Configuration


//需要被授予权限访问的资源需要加了
//1EnableResourceServer
//2 @EnableGlobalMethodSecurity(prePostEnabled=true)
//3 @PreAuthorize("hasRole('USER')")
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class TestController {

    private final static Logger LOGGER = LoggerFactory.getLogger(TestController.class);

    @ApiOperation(value = "查询订单", notes = "")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "orderId", paramType = "path", value = "订单id", required = true, dataType = "Long")
    })
    @RequestMapping(method = RequestMethod.GET, value = "/test/{orderId}")
    @PreAuthorize("hasRole('USER')")
    public String findOrderById(@PathVariable Long orderId) {
        LOGGER.debug("try to find order by id: " + orderId);
        return "success";
    }
}